New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] openssl.cnf gets overwritten #809

Open

1 task

sozercan opened this issue Oct 14, 2024 · 0 comments

Assignees

Labels

bug

Member

sozercan commented Oct 14, 2024 •

edited

Loading

Version of copa

0.8.0

Expected Behavior

openssl.cnf is not overwritten during patch. This does not happen with Mariner core image (mcr.microsoft.com/cbl-mariner/base/core)

Actual Behavior

openssl.cnf is overwritten which may break certain configurations

Steps To Reproduce

Create openssl.cnf file with any data
Create a Dockerfile with the following contents:

FROM mcr.microsoft.com/cbl-mariner/distroless/base:2.0.20240112
COPY openssl.cnf /etc/pki/tls/

Please note that base image is specifically selected to pin to a version that has an openssl vulnerability

Build image with docker build -t openssl:test .
Notice custom openssl.cnf is in /etc/pki/tls/ path. example: https://oci.dag.dev/layers/sozercan/openssl@sha256:4f15e75c292a2fcb04e55ee4b93cb3449424b9360831490339d3132b1a31a735/etc/pki/tls/
Copa patch the image using copa patch -i openssl:test
Notice patched image containing openssl.cnf is overwritten by copa: https://oci.dag.dev/layers/sozercan/openssl:test-patched@sha256:1d703d7013826dadde6c1ed3f32ce8b4b1431b8f1bbeedf7bc92863e2f20fda8/etc/pki/tls/

Are you willing to submit PRs to contribute to this bug fix?

Yes, I am willing to implement it.

The text was updated successfully, but these errors were encountered:

sozercan added the bug label

sozercan assigned ashnamehrotra

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment